On 06/17/2014 03:44 PM, Jeff Morriss wrote:
> On 06/17/14 08:27, Alan Marchiori wrote:
>> I'm trying to build wireshark (1.10.6) from source on my Ubuntu 14.04
>> machine to work on a plugin. I also have the ubuntu wireshark package
>> installed and working properly from my user account and am able to
>> capture packets on eth0 (using the wireshark group). However, when I
>> build from source, my user account cannot capture on eth0.
>>
>> I have tried various options with the configure script, e.g.:
>> ./configure --enable-dumpcap --enable-setcap-install
>> --with-dumpcap-group=wireshark
>>
>> And set the capture properties to match the ubuntu package's dumpcap:
>> $ getcap /usr/local/bin/dumpcap
>> /usr/local/bin/dumpcap = cap_net_admin,cap_net_raw+eip
>>
>> src/wireshark-1.10.6$ getcap ./dumpcap
>> ./dumpcap = cap_net_admin,cap_net_raw+eip
>>
>> but still my compiled wireshark/dumpcap cannot access eth0.
>>
>> Any ideas?
>
> When you compile from source ./dumpcap isn't a binary executable, it's a
> (libtool) shell script. Linux doesn't allow shell scripts to have capabilities
> nor be setuid so when you run it, it'll run as you and without the necessary
> capabilities.
>
> Unfortunately the only ways around this are to install what you've built (e.g.,
> "make install" or build a package and install it) or run as root (not a great
> idea--and if you're using a real plugin as opposed to a built-in dissector, your
> plugin won't get loaded while running as root from the build directory).

Ah, no, there's a way:

1) Run your own build of Wireshark once (which cannot show interfaces)
2) sudo /sbin/setcap cap_net_raw,cap_net_admin=eip .libs/lt-dumpcap
3) Run your Wireshark again, presto, interfaces listed

Enjoy,
Jaap
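
The wrapper-versus-binary distinction discussed in this thread can be checked before reaching for setcap. The script below is an added example, not part of the original messages: it reads a file's magic bytes to tell an ELF binary from a libtool wrapper script and reports which file in the build tree can actually carry capabilities. The function names `file_kind` and `cap_target` are hypothetical, and the `.libs/lt-<name>` layout is assumed from the path used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find the file in a libtool build tree
# that can hold file capabilities. Function names are hypothetical.

# file_kind PATH -> prints "elf", "script" or "other" based on the first 4 bytes.
file_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;      # \x7fELF: a real binary, capabilities apply
        2321*)    echo script ;;   # "#!": interpreted, capabilities are ignored
        *)        echo other ;;
    esac
}

# cap_target PATH -> prints the path setcap/getcap should be pointed at.
# Returns 1 when PATH is a wrapper whose real binary does not exist yet
# (the "run it once" step in the thread), or when PATH is neither kind.
cap_target() {
    prog=$1
    dir=$(dirname "$prog")
    name=$(basename "$prog")
    real="$dir/.libs/lt-$name"     # layout assumed from the thread's setcap path
    case $(file_kind "$prog") in
        elf)
            echo "$prog" ;;
        script)
            if [ -f "$real" ] && [ "$(file_kind "$real")" = elf ]; then
                echo "$real"
            else
                echo "$prog is a wrapper; run it once so $real exists" >&2
                return 1
            fi ;;
        *)
            echo "$prog: neither an ELF binary nor a script" >&2
            return 1 ;;
    esac
}

# Stand-alone use: ./capcheck.sh ./dumpcap
if [ $# -gt 0 ]; then
    target=$(cap_target "$1") || exit 1
    echo "capabilities belong on: $target"
    # Show what is currently set, if getcap is on PATH.
    if command -v getcap >/dev/null 2>&1; then getcap "$target"; fi
fi
```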